ef4e919472
This reverts commit8bd07a6cf9. Reason for revert: This revert was incorrect and breaks the build. Original change's description: > Revert "Move base/test/bind_test_util.h to base/test/bind.h" > > This reverts commita4493a6f80. > > Reason for revert: This CL breaks internal builds (e.g. /chrome/browser/media/kaleidoscope/internal/kaleidoscope_browsertest.cc). > > Original change's description: > > Move base/test/bind_test_util.h to base/test/bind.h > > > > Stop relying on us to remember arcane file names when writing tests, > > and repeating the directory hierarchy into the file name. > > > > R=dcheng@chromium.org > > TBR= > > NOPRESUBMIT=true > > > > Change-Id: I49c951162939c7dcef44883bee740f94b2f49e09 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2523099 > > Commit-Queue: danakj <danakj@chromium.org> > > Reviewed-by: Daniel Cheng <dcheng@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#825145} > > TBR=danakj@chromium.org,dcheng@chromium.org > > # Not skipping CQ checks because original CL landed > 1 day ago. > > Change-Id: If165b8443662baa564895e994ea0d772348e6da6 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2526102 > Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> > Commit-Queue: Denis Kuznetsov [CET] <antrim@chromium.org> > Cr-Commit-Position: refs/heads/master@{#825328} TBR=danakj@chromium.org,dcheng@chromium.org,antrim@chromium.org # Not skipping CQ checks because this is a reland. NOPRESUBMIT=true NOTREECHECK=true No-Try: True Change-Id: I6a8c0c8bbb1c8f87cc7f2df7a8b3388971292975 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2526683 Commit-Queue: Guido Urdaneta <guidou@chromium.org> Reviewed-by: Guido Urdaneta <guidou@chromium.org> Cr-Commit-Position: refs/heads/master@{#825329}
222 lines
7.9 KiB
C++
222 lines
7.9 KiB
C++
// Copyright 2016 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include <stdint.h>
|
|
#include <memory>
|
|
#include <utility>
|
|
|
|
#include "base/bind.h"
|
|
#include "base/command_line.h"
|
|
#include "base/containers/span.h"
|
|
#include "base/macros.h"
|
|
#include "base/memory/read_only_shared_memory_region.h"
|
|
#include "base/memory/shared_memory_mapping.h"
|
|
#include "base/memory/unsafe_shared_memory_region.h"
|
|
#include "base/memory/writable_shared_memory_region.h"
|
|
#include "base/run_loop.h"
|
|
#include "base/strings/string_piece.h"
|
|
#include "base/test/bind.h"
|
|
#include "build/build_config.h"
|
|
#include "content/browser/utility_process_host.h"
|
|
#include "content/public/browser/browser_task_traits.h"
|
|
#include "content/public/browser/browser_thread.h"
|
|
#include "content/public/test/browser_test.h"
|
|
#include "content/public/test/content_browser_test.h"
|
|
#include "content/public/test/test_service.mojom.h"
|
|
#include "mojo/public/cpp/bindings/remote.h"
|
|
#include "sandbox/policy/sandbox.h"
|
|
#include "sandbox/policy/switches.h"
|
|
#include "services/service_manager/public/cpp/interface_provider.h"
|
|
|
|
namespace content {
|
|
namespace {
|
|
|
|
const std::string kTestMessage = "My hovercraft is full of eels!";
|
|
|
|
class MojoSandboxTest : public ContentBrowserTest {
|
|
public:
|
|
MojoSandboxTest() = default;
|
|
|
|
using BeforeStartCallback = base::OnceCallback<void(UtilityProcessHost*)>;
|
|
|
|
void StartProcess(BeforeStartCallback callback = BeforeStartCallback()) {
|
|
base::RunLoop run_loop;
|
|
GetIOThreadTaskRunner({})->PostTaskAndReply(
|
|
FROM_HERE,
|
|
base::BindOnce(&MojoSandboxTest::StartUtilityProcessOnIoThread,
|
|
base::Unretained(this), std::move(callback)),
|
|
run_loop.QuitClosure());
|
|
run_loop.Run();
|
|
}
|
|
|
|
mojo::Remote<mojom::TestService> BindTestService() {
|
|
mojo::Remote<mojom::TestService> test_service;
|
|
GetIOThreadTaskRunner({})->PostTask(
|
|
FROM_HERE, base::BindOnce(&MojoSandboxTest::BindTestServiceOnIoThread,
|
|
base::Unretained(this),
|
|
test_service.BindNewPipeAndPassReceiver()));
|
|
return test_service;
|
|
}
|
|
|
|
void TearDownOnMainThread() override {
|
|
base::RunLoop run_loop;
|
|
GetIOThreadTaskRunner({})->PostTaskAndReply(
|
|
FROM_HERE,
|
|
base::BindOnce(&MojoSandboxTest::StopUtilityProcessOnIoThread,
|
|
base::Unretained(this)),
|
|
run_loop.QuitClosure());
|
|
run_loop.Run();
|
|
}
|
|
|
|
protected:
|
|
std::unique_ptr<UtilityProcessHost> host_;
|
|
|
|
private:
|
|
void StartUtilityProcessOnIoThread(BeforeStartCallback callback) {
|
|
host_.reset(new UtilityProcessHost());
|
|
host_->SetMetricsName("mojo_sandbox_test_process");
|
|
if (callback)
|
|
std::move(callback).Run(host_.get());
|
|
ASSERT_TRUE(host_->Start());
|
|
}
|
|
|
|
void BindTestServiceOnIoThread(
|
|
mojo::PendingReceiver<mojom::TestService> receiver) {
|
|
host_->GetChildProcess()->BindReceiver(std::move(receiver));
|
|
}
|
|
|
|
void StopUtilityProcessOnIoThread() { host_.reset(); }
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(MojoSandboxTest);
|
|
};
|
|
|
|
// Ensures that a read-only shared memory region can be created within a
|
|
// sandboxed process.
|
|
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, SubprocessReadOnlySharedMemoryRegion) {
|
|
StartProcess();
|
|
mojo::Remote<mojom::TestService> test_service = BindTestService();
|
|
|
|
bool got_response = false;
|
|
base::RunLoop run_loop;
|
|
test_service.set_disconnect_handler(run_loop.QuitClosure());
|
|
test_service->CreateReadOnlySharedMemoryRegion(
|
|
kTestMessage,
|
|
base::BindLambdaForTesting([&](base::ReadOnlySharedMemoryRegion region) {
|
|
got_response = true;
|
|
ASSERT_TRUE(region.IsValid());
|
|
base::ReadOnlySharedMemoryMapping mapping = region.Map();
|
|
ASSERT_TRUE(mapping.IsValid());
|
|
auto span = mapping.GetMemoryAsSpan<const char>();
|
|
EXPECT_EQ(kTestMessage, base::StringPiece(span.data(), span.size()));
|
|
run_loop.Quit();
|
|
}));
|
|
run_loop.Run();
|
|
EXPECT_TRUE(got_response);
|
|
}
|
|
|
|
// Ensures that a writable shared memory region can be created within a
|
|
// sandboxed process.
|
|
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, SubprocessWritableSharedMemoryRegion) {
|
|
StartProcess();
|
|
mojo::Remote<mojom::TestService> test_service = BindTestService();
|
|
|
|
bool got_response = false;
|
|
base::RunLoop run_loop;
|
|
test_service.set_disconnect_handler(run_loop.QuitClosure());
|
|
test_service->CreateWritableSharedMemoryRegion(
|
|
kTestMessage,
|
|
base::BindLambdaForTesting([&](base::WritableSharedMemoryRegion region) {
|
|
got_response = true;
|
|
ASSERT_TRUE(region.IsValid());
|
|
base::WritableSharedMemoryMapping mapping = region.Map();
|
|
ASSERT_TRUE(mapping.IsValid());
|
|
auto span = mapping.GetMemoryAsSpan<const char>();
|
|
EXPECT_EQ(kTestMessage, base::StringPiece(span.data(), span.size()));
|
|
run_loop.Quit();
|
|
}));
|
|
run_loop.Run();
|
|
EXPECT_TRUE(got_response);
|
|
}
|
|
|
|
// Ensures that an unsafe shared memory region can be created within a
|
|
// sandboxed process.
|
|
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, SubprocessUnsafeSharedMemoryRegion) {
|
|
StartProcess();
|
|
mojo::Remote<mojom::TestService> test_service = BindTestService();
|
|
|
|
bool got_response = false;
|
|
base::RunLoop run_loop;
|
|
test_service.set_disconnect_handler(run_loop.QuitClosure());
|
|
test_service->CreateUnsafeSharedMemoryRegion(
|
|
kTestMessage,
|
|
base::BindLambdaForTesting([&](base::UnsafeSharedMemoryRegion region) {
|
|
got_response = true;
|
|
ASSERT_TRUE(region.IsValid());
|
|
base::WritableSharedMemoryMapping mapping = region.Map();
|
|
ASSERT_TRUE(mapping.IsValid());
|
|
auto span = mapping.GetMemoryAsSpan<const char>();
|
|
EXPECT_EQ(kTestMessage, base::StringPiece(span.data(), span.size()));
|
|
run_loop.Quit();
|
|
}));
|
|
run_loop.Run();
|
|
EXPECT_TRUE(got_response);
|
|
}
|
|
|
|
// Test for sandbox::policy::IsProcessSandboxed().
|
|
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, IsProcessSandboxed) {
|
|
StartProcess();
|
|
mojo::Remote<mojom::TestService> test_service = BindTestService();
|
|
|
|
// The browser should not be considered sandboxed.
|
|
EXPECT_FALSE(sandbox::policy::Sandbox::IsProcessSandboxed());
|
|
|
|
base::Optional<bool> maybe_is_sandboxed;
|
|
base::RunLoop run_loop;
|
|
test_service.set_disconnect_handler(run_loop.QuitClosure());
|
|
test_service->IsProcessSandboxed(
|
|
base::BindLambdaForTesting([&](bool is_sandboxed) {
|
|
maybe_is_sandboxed = is_sandboxed;
|
|
run_loop.Quit();
|
|
}));
|
|
run_loop.Run();
|
|
ASSERT_TRUE(maybe_is_sandboxed.has_value());
|
|
EXPECT_TRUE(maybe_is_sandboxed.value());
|
|
}
|
|
|
|
IN_PROC_BROWSER_TEST_F(MojoSandboxTest, NotIsProcessSandboxed) {
|
|
StartProcess(base::BindOnce([](UtilityProcessHost* host) {
|
|
host->SetSandboxType(sandbox::policy::SandboxType::kNoSandbox);
|
|
}));
|
|
mojo::Remote<mojom::TestService> test_service = BindTestService();
|
|
|
|
// The browser should not be considered sandboxed.
|
|
EXPECT_FALSE(sandbox::policy::Sandbox::IsProcessSandboxed());
|
|
|
|
base::Optional<bool> maybe_is_sandboxed;
|
|
base::RunLoop run_loop;
|
|
test_service.set_disconnect_handler(run_loop.QuitClosure());
|
|
test_service->IsProcessSandboxed(
|
|
base::BindLambdaForTesting([&](bool is_sandboxed) {
|
|
maybe_is_sandboxed = is_sandboxed;
|
|
run_loop.Quit();
|
|
}));
|
|
run_loop.Run();
|
|
ASSERT_TRUE(maybe_is_sandboxed.has_value());
|
|
#if defined(OS_ANDROID)
|
|
// Android does not support unsandboxed utility processes. See
|
|
// org.chromium.content.browser.ChildProcessLauncherHelperImpl#createAndStart
|
|
EXPECT_TRUE(maybe_is_sandboxed.value());
|
|
#else
|
|
// If the content_browsertests is launched with --no-sandbox, that will
|
|
// get passed down to the browser and all child processes. In that case,
|
|
// IsProcessSandboxed() will report true, per the API.
|
|
bool no_sandbox = base::CommandLine::ForCurrentProcess()->HasSwitch(
|
|
sandbox::policy::switches::kNoSandbox);
|
|
EXPECT_EQ(no_sandbox, maybe_is_sandboxed.value());
|
|
#endif
|
|
}
|
|
|
|
} // namespace
|
|
} // namespace content
|